This section describes the architecture of the ldap.properties
file.
This is only used if COMMON.PROPERTIES authentication
LDAPconfig is 1
Modifiable Field |
ldap.connectionName |
Field Description |
The username used to authenticate to a read-only
LDAP connection. If left blank, an anonymous connection is attempted |
Possible Values |
User defined for example, administrator@example.com |
Value Definition |
User defined |
ldap.connectionPassword =
Modifiable Field |
ldap.connectionPassword |
Field Description |
The password used to establish a read-only LDAP
connection. The password can be entered here in plain text or it
can be encrypted. |
Possible Values |
User defined |
Value Definition |
User defined |
Modifiable Field |
ldap.connectionURL |
Field Description |
URL of the LDAP server |
Possible Values |
User defined for example:ldap://ldap.server.com |
Value Definition |
|
ldap.security_authentication=
Modifiable Field |
ldap.security_authentication |
Field Description |
Specifies the security level to use. If this property
is unspecified, the behavior is determined by the service provider. |
Possible Values |
none, simple, strong |
Value Definition |
String |
Modifiable Field |
ldap.groupName |
Field Description |
LDAP group name |
Possible Values |
User Defined for example:ldapGroup |
Value Definition |
|
Modifiable Field |
ldap.groupNameTrim |
Field Description |
Specifies whether the group name must be trimmed
. |
Possible Values |
True or False |
Value Definition |
|
Modifiable Field |
ldap.groupDescription |
Field Description |
Field for group description |
Possible Values |
User defined for example : description |
Value Definition |
|
Modifiable Field |
ldap.groupMembers |
Field Description |
Specifies user membership within a group |
Possible Values |
User Defined |
Value Definition |
|
Modifiable Field |
ldap.groupBase |
Field Description |
Defines the starting location for the search of
the LDAP groups. The Distinguished Name (DN) specified will indicate
the location in the directory structure in which all groups are contained. |
Possible Values |
User Defined ldap.groupBase=OU=Groups,OU=MyLocation, DC=MyCompany,DC=com |
Value Definition |
|
Modifiable Field |
ldap.groupSearch |
Field Description |
Defines the LDAP query that is used to import AD
groups to BigFix® Remote
Control.
The defined query needs to filter the results such that only those
groups that are needed are imported to BigFix® Remote
Control.
|
Possible Values |
User Defined for example : ldap.groupSearch=(objectClass=group)
= Imports all AD groups to BigFix® Remote
Control.
Be aware some environment can have thousands of groups. |
Value Definition |
|
Modifiable Field |
ldap.groupSubtree |
Field Description |
If set to true, BigFix® Remote
Control will
search recursively through the subtree of the element specified in
the ldap.groupBase parameter for groups associated
with a user. If left unspecified, the default value of false causes
only the top level to be searched (a nonrecursive search). |
Possible Values |
True or False |
Value Definition |
|
Modifiable Field |
ldap.userPassword |
Field Description |
Password field |
Possible Values |
User Defined |
Value Definition |
|
Modifiable Field |
ldap.userEmail |
Field Description |
LDAP field for Email |
Possible Values |
User Defined for example: userPrincipalName |
Value Definition |
|
Modifiable Field |
ldap.userid |
Field Description |
LDAP field for userid |
Possible Values |
User Defined |
Value Definition |
|
If the following parameters are defined they is mapped
into the local database
Modifiable Field |
ldap.forename |
Field Description |
LDAP field for forename |
Possible Values |
User Defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.surname |
Field Description |
LDAP field for surname |
Possible Values |
User defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.title |
Field Description |
LDAP field for title |
Possible Values |
User Defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.initials |
Field Description |
LDAP field for initials |
Possible Values |
User Defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.company |
Field Description |
LDAP field for company |
Possible Values |
User Defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.department |
Field Description |
LDAP field for department |
Possible Values |
User Defined |
Value Definition |
User Defined string |
Modifiable Field |
ldap.telephone |
Field Description |
LDAP field for telephone |
Possible Values |
User defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.mobile |
Field Description |
LDAP field for userid |
Possible Values |
User defined |
Value Definition |
User defined |
Modifiable Field |
ldap.state |
Field Description |
LDAP field for state |
Possible Values |
User defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.country |
Field Description |
LDAP field for country |
Possible Values |
User defined |
Value Definition |
User defined string |
Modifiable Field |
ldap.userBase |
Field Description |
the base of the sub tree containing users. If not
specified, the search base is the top-level context. |
Possible Values |
User Defined for example
ldap.userBase=OU=Users,OU=MyLocation,DC=MyCompany,DC=com
|
Value Definition |
|
Modifiable Field |
ldap.userSearch |
Field Description |
Pattern to use for searches |
Possible Values |
for example (userPrincipalName={0}@ActDirTest.SDC.COM) |
Value Definition |
All users who match the search criteria are imported
into the BigFix® Remote
Control database.
To limit this further you can use the ldap.userInGroup parameter. |
Modifiable Field |
ldap.userSubtree |
Field Description |
Search up the subtree |
Possible Values |
True or False |
Value Definition |
True for search the subtree, False do not search |
Modifiable Field |
ldap.userInGroup |
Field Description |
Determines whether a user who matches the user
search criteria also has to be a member of the groups found in the
group search. |
Possible Values |
True or False |
Value Definition |
- True
- only users who match the user search criteria and are members
of the groups found in the group search are imported.
- False
- all users who match the user search criteria regardless of their
group membership are imported.
Note: Users are imported into the
DefaultGroup as well as any other groups that they belong to. |